Bug ID 663535: Sending ASM cookies with "secure" attribute even without client-ssl profile

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
14.0.0, 13.1.1.4, 12.1.3.2

Opened: May 08, 2017

Severity: 3-Major

Symptoms

ASM cookies can be set with "secure" attribute on when BIG-IP works on SSL profile.

Impact

When working with encrypted network in the client side but clear network in the ASM virtual, cookies cannot be set with "secure" attributes.

Conditions

Enabling ASM, network to BIG-IP without client-ssl.

Workaround

There is no workaround at this time.

Fix Information

Added an internal parameter "assume_https", to decide always setting the "secure" attribute, even when the BIG-IP network is clear.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips